On general principle, I believe all CGI programs should run with the -T flag to enable taint mode (see perlsec). That's not a serious issue here, because your code doesn't use tainted data in an unsafe manner -- at least, not yet. But it could grow, so it doesn't hurt to be careful early on.

I would also be more comfortable if your regex did something like this:

$name =~ /\Q$search_name\E/i
[download]

To make sure that special characters in your CGI parameter don't accidentally do something you didn't intend. See quotemeta and perlre.

buckaduck